02 Apr 2010, 00:36
shrimpy (1 post)

In chapter 8.4, it is going to stop people from inputting a wrong product id to hack the app.

It does stop people from doing a hack like this: “http://localhost:3000/store/add_to_cart/widdle”

However, if people do something like this: “http://localhost:3000/store/add_to_cart/2widdle”

the application will take the “2” as the id.

So 8.4 does not really solve the problem….
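The behaviour described in the post above, next to a strict check that rejects such a segment, as an added example that is not part of the original post or the book's code. It assumes the id segment is coerced the way Ruby's `String#to_i` does it; `PRODUCTS`, `lenient_lookup`, `parse_id` and `strict_lookup` are hypothetical names, and the catalogue is constructed sample data.

```ruby
# Added example: strict validation of an id taken from a URL segment.
# PRODUCTS and all method names are hypothetical stand-ins for the
# store catalogue; no Rails is needed to run this.

PRODUCTS = { 1 => "Book A", 2 => "Book B" }.freeze # constructed sample data

# Lenient lookup: String#to_i keeps the leading digits and drops the rest,
# so "2widdle" resolves to product 2 and "widdle" becomes 0.
def lenient_lookup(raw_id)
  PRODUCTS[raw_id.to_s.to_i]
end

# Strict pattern: the whole segment must be a positive decimal integer.
# \A and \z anchor the entire string; ^ and $ only anchor a line and
# would let "2\nwiddle" through.
STRICT_ID = /\A[1-9][0-9]{0,9}\z/

def parse_id(raw_id)
  s = raw_id.to_s
  return nil unless STRICT_ID.match?(s)

  Integer(s, 10)
end

# Separates "malformed id" from "well-formed id with no such product",
# so the caller can log and answer the two cases differently.
def strict_lookup(raw_id)
  id = parse_id(raw_id)
  return [:invalid, nil] if id.nil?

  product = PRODUCTS[id]
  product ? [:ok, product] : [:not_found, nil]
end

# Constructed sample inputs, including the two from the post.
SAMPLES = ["2", "2widdle", "widdle", "2\nwiddle", " 2", "02", "999"].freeze

def report
  SAMPLES.map { |s| [s, lenient_lookup(s), strict_lookup(s).first] }
end

if __FILE__ == $PROGRAM_NAME
  report.each do |s, lenient, strict|
    puts format("%-12p lenient=%-10p strict=%p", s, lenient, strict)
  end
end
```

The strict pattern also rejects leading zeros and leading whitespace, which is a deliberate choice here so that each product has exactly one accepted spelling of its id.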

